This is an automated email from the ASF dual-hosted git repository.
lhotari pushed a commit to branch branch-2.9
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/branch-2.9 by this push:
new 065ccd4 [owasp] suppress false positive Avro CVE-2021-43045 (#13764)
065ccd4 is described below
commit 065ccd4a712f89df0df0c32b5ee8d66feeb9b028
Author: Nicolò Boschi <[email protected]>
AuthorDate: Fri Jan 14 23:57:34 2022 +0100
[owasp] suppress false positive Avro CVE-2021-43045 (#13764)
(cherry picked from commit 239133670b927741d673e26ad2810b01c6bab8bd)
---
src/owasp-dependency-check-false-positives.xml | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/owasp-dependency-check-false-positives.xml
b/src/owasp-dependency-check-false-positives.xml
index 6cc464e..7b945a2 100644
--- a/src/owasp-dependency-check-false-positives.xml
+++ b/src/owasp-dependency-check-false-positives.xml
@@ -47,6 +47,11 @@
<gav regex="true">org\.apache\.avro:.*</gav>
<cve>CVE-2019-17195</cve>
</suppress>
+ <suppress>
+ <notes>CVE-2021-43045 affects only .NET distro, see
https://github.com/apache/avro/pull/1357</notes>
+ <gav regex="true">org\.apache\.avro:.*</gav>
+ <cve>CVE-2021-43045</cve>
+ </suppress>
<suppress base="true">
<notes><![CDATA[
FP per #3889
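Review bot: The added `<suppress>` block silences CVE-2021-43045 for every artifact and version matching `org\.apache\.avro:.*`, but its `<notes>` only says the CVE is .NET-only and does not record why a group-wide match is safe. A later audit of the suppression file would have to re-derive that reasoning from the linked pull request. I would spell it out in the note, for example `<notes>CVE-2021-43045 affects only the Avro .NET SDK; the org.apache.avro Maven artifacts matched here are presumably the Java implementation only, so the match is a false positive. See https://github.com/apache/avro/pull/1357</notes>`, after confirming that no artifact under that group ships the .NET code. The entry follows the same pattern as the CVE-2019-17195 suppression above it, so the same question applies there. The surrounding suppressions file continues outside this hunk.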